[Techtalk] 216 ssh login attempts, what to do?

aec brat at magma.ca
Wed Oct 13 20:02:59 EST 2004


On Thu, Oct 14, 2004 at 02:56:01AM +0530, Devdas Bhagat wrote:

>...re: possible to autoblock;

> It is. However, most serious professionals consider autoblocking as
> bad, because it enables someone to DoS you. Admittedly, this is much
> harder to do with TCP than with UDP, but the general assumption is not
> to trust the upstream equipment.
> 
> If you only log in from a few systems, you might want to use keys
> instead.
> 

I have an additional problem in that my network is behind a netgear
router, not a "real" router, such as an old linux machine with 2
network cards.

I am not sure how possible it would be to have traffic allowed through
the netgear router and then additionally filtered at the destination
host. Maybe that is simple, I just don't know.

I can however change the port sshd listens on, and tell my users to
specify another port in the future.

I can get someone hopefully in #linuxchix to port scan me and see if
there is anything glaring that I should change.

I can look into ssh keys, but I have six hosts behind the router and
7 more that are not mine but that I have shell access to. I think, but
am not sure, that you should *never* use the same key all over the
place, but instead use a different key for each host? This would
require me to maintain 13 keys?

Finally, I can read the "securing debian" manual, hope that it's still
relevant and not outdated, hope that I understand it enough that I
don't make a major mistake configuring things and actually decrease
the security instead of increasing it.

On the analogy discussed earlier about burglars/houses &
crackers/servers, it should be noted that yes there are some
similarities, but if you were to break into my apartment or to
even stand outside and peek in the window...you might be greeted by
my boyfriend hoping to crack you in the head with his baseball bat.

Sadly, script kiddies don't have this deterrent. We need an open
source baseball bat.


-- 
Angelina Carlton
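As an added example that is not part of this thread, the following Python script shows the triage step that precedes any decision about blocking: it parses OpenSSH "Failed password" lines of the kind behind the 216 attempts, counts them per source address and user name, and flags sources over a threshold for a human to review rather than blocking them automatically (the DoS concern Devdas raises above). The log lines are constructed, the host name "gw" and the TEST-NET addresses are placeholders, and the threshold of 3 is an assumed parameter.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the classic OpenSSH syslog format (not taken
# from the original post); the host name and addresses are placeholders.
SAMPLE_AUTH_LOG = """\
Oct 13 19:55:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4321 ssh2
Oct 13 19:55:03 gw sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 4325 ssh2
Oct 13 19:55:04 gw sshd[1204]: Failed password for root from 203.0.113.5 port 4330 ssh2
Oct 13 19:55:06 gw sshd[1207]: Failed password for root from 203.0.113.5 port 4333 ssh2
Oct 13 19:57:10 gw sshd[1220]: Failed password for alice from 192.0.2.10 port 5001 ssh2
Oct 13 19:57:15 gw sshd[1221]: Accepted publickey for alice from 192.0.2.10 port 5002 ssh2
Oct 13 20:01:00 gw sshd[1250]: Failed password for invalid user guest from 198.51.100.7 port 6000 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(log_text):
    """Return one (source_ip, username) tuple per failed password attempt."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures.append((m.group("ip"), m.group("user")))
    return failures

def summarize(failures, threshold=3):
    """Group failures by source address; flag sources at or above threshold.
    Returns (per_source, flagged): per_source maps ip -> {"count", "users"}.
    The flagged list is for review, not for an automatic firewall rule."""
    per_source = defaultdict(lambda: {"count": 0, "users": Counter()})
    for ip, user in failures:
        per_source[ip]["count"] += 1
        per_source[ip]["users"][user] += 1
    flagged = sorted(ip for ip, s in per_source.items() if s["count"] >= threshold)
    return dict(per_source), flagged

def report(log_text, threshold=3):
    """Render a per-source summary, busiest source first."""
    per_source, flagged = summarize(parse_failures(log_text), threshold)
    lines = []
    for ip in sorted(per_source, key=lambda k: -per_source[k]["count"]):
        s = per_source[ip]
        users = ", ".join(f"{u} x{n}" for u, n in s["users"].most_common())
        tag = " [review]" if ip in flagged else ""
        lines.append(f"{ip}: {s['count']} failed ({users}){tag}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_AUTH_LOG))
```

On a real system the same function can be fed the contents of /var/log/auth.log (Debian's default location for sshd messages) instead of the constructed sample.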
